Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
559ab607169f48179abd8c8b1d062d6f.bin
-
Size
17.4MB
-
Sample
240326-crp36sef5w
-
MD5
559ab607169f48179abd8c8b1d062d6f
-
SHA1
395c3c54d44906ed5029bc3734e02572d4127a43
-
SHA256
0608f245309cd5555269bfb0edda181b5b249ab0426751112a51d24b66878072
-
SHA512
9294385fa90e29353804d971cdaac6df2367cb74b79bedfe564113b437c6b920d686721871a8f510baa32812bc7d8d947ce17094c78908d6bac41582692d60ca
-
SSDEEP
393216:zEk4gf8FgP8AxYDX1+TtIiFGuvB5IjWqn6eclz1PyOX8WjD+da/:zwbFbX71QtIZS3ILn6ecnyheD+da/
Behavioral task
behavioral1
Sample
559ab607169f48179abd8c8b1d062d6f.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
559ab607169f48179abd8c8b1d062d6f.exe
Resource
win10v2004-20240319-en
Malware Config
Targets
-
-
Target
559ab607169f48179abd8c8b1d062d6f.bin
-
Size
17.4MB
-
MD5
559ab607169f48179abd8c8b1d062d6f
-
SHA1
395c3c54d44906ed5029bc3734e02572d4127a43
-
SHA256
0608f245309cd5555269bfb0edda181b5b249ab0426751112a51d24b66878072
-
SHA512
9294385fa90e29353804d971cdaac6df2367cb74b79bedfe564113b437c6b920d686721871a8f510baa32812bc7d8d947ce17094c78908d6bac41582692d60ca
-
SSDEEP
393216:zEk4gf8FgP8AxYDX1+TtIiFGuvB5IjWqn6eclz1PyOX8WjD+da/:zwbFbX71QtIZS3ILn6ecnyheD+da/
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1